Generally I think anything that gums up the screws of the surveillance state with more ciphertext is good. Details came out about the Dark Mail Alliance project at the Inbox Love email conference's keynote speech, and if there is time I might break apart considerations from the speech, but waiting for white papers would probably be prudent. The involvement of internet saints Ladar Levison and Phil Zimmermann is promising. At the very least this represents a promising channel for conveying messages. I have to wonder though how much attention they will pay to attempting to protect against diddling in the underlying hardware or software layers.

The approach of No Such lAbs, the people behind the Phuctor, proceeds from the assumption of a generally more hostile computing environment, per their initial announcement of the Cardano:

This is no doubt influenced by Stanislav Datskovskiy's laws for sane computing. While Dark Mail offers a platform built on potentially untrustworthy platforms, the Cardano offers a self-contained device for public key cryptography. The Cardano promise is that when its physical security is maintained it may be used securely even in tandem with hostile communications channels and hostile hardware.

While the recent attention to Levison and Zimmermann makes most efforts they could announce newsworthy, it does raise some concern that the effort which assumes more extreme obstacles to be overcome is receiving so little attention.

Update: If it isn't clear, I plan on buying some Cardanos and personally think the Dark Email thing is probably going to end up being snake oil. Like Tor, it seems like something that might inconvenience adversaries, but it lacks the assurances of an in itself device.

This entry was posted on Wednesday, October 30th, 2013 at 7:25 p.m. and is filed under Uncategorized.

[…] the last post I discussed two different approaches to securing email, a software/protocol version and an in itself hardware so…. It is time to talk some serious weaknesses of relying on infrastructure outside of your control. […]

Anyone who recommends a system where SSL (or any other PKI-ish master-keyed crock of shit) is the weak link is either an ignoramus or has solidly 'gone Schneier.' And I'm afraid the excuse of ignorance is not available to Zimmermann & friends.